f4399f49479e033868f38b6886609aba_JaffaCakes118 | Triage

Sharing

General

Target

f4399f49479e033868f38b6886609aba_JaffaCakes118
Size

101KB
MD5

f4399f49479e033868f38b6886609aba
SHA1

dd6dd00cbc66b11fbfcbbe22ea340ac5c767a688
SHA256

3bc3f2da24c330339d06f0b0e0b803affac003507919c0bc826f48d94e321940
SHA512

c2a8569aea0aeb4ac3a03d6eae059ff04c7d6a79ea6b7e4af53951fab133911a468cdd73371aae9453d5d6582530edca1d68d996827ed36826120dfaed62aa45
SSDEEP

1536:4FY2+qvPq7YyYgpQklO0GDWE9ucYP0DPx9M/Ad7RozkBmaI0Bcw3vhl9RPqCVD0B:m++isgNOAE9ucRDvd7jTfhB1+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4399f49479e033868f38b6886609aba_JaffaCakes118

Files

f4399f49479e033868f38b6886609aba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

293faab1003b57d01309be611dd45785

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBoxA

kernel32

VirtualFree
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

Size: - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.linxer
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ